1. Field of the Invention
Verifiers, systems and methods consistent with the present invention relate to remotely verifying the integrity of a memory by checking whether a check code, generated by filling the free areas of the memory of a device with random numbers, matches a check code generated by the device, and by using a check code generation time from the device.
2. Description of the Related Art
FIG. 1 depicts an integrity verification method of a conventional device.
Referring now to FIG. 1, remote network appliances, such as television set-top boxes, mobile phones, personal computers based on local area networks (LANs) and wide area networks (WANs), and miniature sensors, are vulnerable to tampering by hackers because of the limited ability of a network host or a service provider to control user access to the remote devices. The network host or service provider cannot easily physically inspect the remote device, and it is difficult to determine whether a remote device has been tampered with, for example, by a user to obtain unauthorized access to software applications offered by the network. Thus, a technique is needed to verify the integrity of a memory of the remote device in a network environment. Integrity, in terms of data and network security, is the assurance that information can only be accessed or modified by authorized users.
Conventional memory integrity verification methods check the integrity of the remote device by comparing a digest value for selected software and a hash value of a memory area of the remote device.
A conventional method using the hash value of the memory area to check the integrity is disclosed in U.S. Patent Application Publication No. 2002/0138554. The conventional method using the hash value of the memory area generates a hash value by inserting a random seed in the memory area, and provides the device with information regarding the random seed, the hash function, and the memory area to be verified. The device generates a hash value of the memory area to be verified by using the information provided by the verifier, and transmits the generated hash value to the verifier. Next, the verifier compares the hash value it generated for the memory area with the hash value generated by the device to check the integrity of the memory area.
Such a conventional method verifies the integrity using the hash value of the memory area to be checked. However, if malicious code, such as a virus, attacks or tampers with the memory location, the integrity check is bypassed. As a result, the verifier cannot accurately conduct the integrity verification.
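The seeded-hash exchange described above can be sketched as follows. This is an added example, not code from the cited publication or from the present application; the names `Verifier`, `area_hash`, `attest` and `flip`, the use of SHA-256, and prepending the seed to the memory area are assumptions, and the memory contents are constructed. It shows that a change inside the challenged area is caught, while bytes outside that area do not influence the result unless the challenge covers the whole memory.

```python
import hashlib
import hmac
import secrets

def area_hash(memory: bytes, seed: bytes, start: int, length: int) -> bytes:
    """Device side: hash the verifier's seed followed by the challenged area."""
    if start < 0 or length <= 0 or start + length > len(memory):
        raise ValueError("challenged area lies outside the memory")
    return hashlib.sha256(seed + memory[start:start + length]).digest()

class Verifier:
    """Holds a reference copy of the device memory and issues challenges."""
    def __init__(self, reference: bytes):
        self.reference = reference

    def challenge(self, start: int, length: int) -> dict:
        # Fresh random seed per challenge, so an earlier response cannot be reused.
        return {"seed": secrets.token_bytes(16), "start": start, "length": length}

    def check(self, ch: dict, response: bytes) -> bool:
        expected = area_hash(self.reference, ch["seed"], ch["start"], ch["length"])
        return hmac.compare_digest(expected, response)

def attest(verifier: Verifier, device_memory: bytes, start: int, length: int) -> bool:
    """One round: challenge, device response, verifier comparison."""
    ch = verifier.challenge(start, length)
    return verifier.check(ch, area_hash(device_memory, ch["seed"], start, length))

# Constructed sample: 64 bytes of "software" followed by 64 bytes of free area.
REFERENCE = bytes(range(64)) + bytes(64)

def flip(memory: bytes, offset: int) -> bytes:
    changed = bytearray(memory)  # copy, then change one byte at offset
    changed[offset] ^= 0xFF
    return bytes(changed)

def demo() -> dict:
    v = Verifier(REFERENCE)
    old = v.challenge(0, 64)
    old_response = area_hash(REFERENCE, old["seed"], 0, 64)
    return {
        "intact": attest(v, REFERENCE, 0, 64),
        "changed_inside_area": attest(v, flip(REFERENCE, 10), 0, 64),
        "changed_outside_area": attest(v, flip(REFERENCE, 100), 0, 64),
        "changed_outside_whole_memory": attest(v, flip(REFERENCE, 100), 0, 128),
        "stale_response": v.check(v.challenge(0, 64), old_response),
    }

if __name__ == "__main__":
    print(demo())
```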
A conventional device integrity verification method using a digest of selected software is disclosed in U.S. Pat. No. 6,748,538. This conventional method signs a digest of software stored in the device and stores the signed digest in a memory. The integrity of the software is checked by comparing a digest, obtained by applying a separate hash function to the selected software, with the signed digest. However, disadvantageously, this method can check the integrity only for the software stored in the memory.
U.S. Pat. No. 6,138,236 discloses a method to confirm the integrity of software by checking the signature of the software when a code stored in a programmable read only memory (PROM) boots up. However, this conventional method can internally confirm the integrity only during the boot-up. In other words, a separate secure mechanism is required to confirm the integrity of the software from the outside. Additionally, if an attacker alters the PROM contents and generates a valid check code, an accurate integrity check is infeasible.
Thus, a new method is needed that verifies the integrity of a memory from the outside during run time as well as at boot-up, and that is invulnerable to attacks by malicious code that alters the memory location.